As soon as I heard about free DJ softwares – KraMixer &
MixSense – both from Kramware, I
immediately went ahead and started the installation, only to realize that both
come bundled with Save software L
Few years ago, Save software used to be a very ‘popular’ spyware – just as prominent
as GAIN and few others were. I had not heard about Save afterwards until I came
across these two freewares from Kramware. Nevertheless, still to give it a shot
and see if anything has changed in its ‘spyware’ behavior, I went ahead and
installed KraMixer along with it’s Save and search bar components. Yes it was
not only Save, but also a search bar that came bundled with it (though its
installation was optional). Another reason why I still installed it was that it
mentioned Save is NOT a spyware! Now this was interesting. I did hear a while
ago that GAIN had made efforts to come out of spywares category, but had never
heard about Save making similar efforts – only if it had been technically true.
Anyway, after the installation I fired up couple of monitoring tools (ethereal,
filemon, autoruns, procexp, ollydbg) to see what these no-more-spyware
softwares are up to.
Just to pause here to give a quick context – by the basic definition of spyware, it is a piece of software that monitors
users’ browsing habits and sends that information to software owners. It is a
broad category of software – ranging from monitoring just the websites users
visits, to as severe as intercepting users’ personal information (e.g., emails,
passwords, etc.). This information is then used by those vendors to send spam
mails and targeted advertisements. That is how they make money.
Ok, coming back. As it was obvious, when I ran Spybot S & D and Windows
Defender, both caught Save.exe and its search bar as potential spywares. Now,
those same softwares, just to avoid being called as spyware, apparently have
changed their modes of operations. Instead of sending users’ browsing habits
back to their software owners, they now do the analysis locally on users’
machine about which advertisements to show. As an example, I installed
kramware’s software on a fresh virtual machine and visited sites of Spybot
S&D and Windows Defender . Because both are anti-spywares,
after few minutes IE started showing pop-up related to all the anti-spyware
softwares. What goes in the background is, as revealed by Ethereal dump,
Save.exe downloads a small database from its website and saves it inside
C:\Program Files\Save\Save.db. Save.exe also builds another database store.db in
the same folder apparently to keep track of all the websites user visits.
Save.exe and search bar components build user’s browsing habit by regularly
monitoring IE’s index.dat to peek into all websites user visits (I’ll probably
write more about these index.dat files in my future posts – it is worth a
complete post for itself).
Still, one good thing about these Save softwares is that whatever they intend
the realization, that something running on my machine is constantly monitoring
my browsing habits, still bothers me.
Kramware: find some place else, not my
system; I would rather pay for a commercial software.